CVE-2025-13943

Published Feb 24, 2026

Last updated 14 hours ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-13943 is a post-authentication command injection vulnerability affecting specific firmware versions of the Zyxel EX3301-T0 device. The flaw resides in the log file download function of the device's firmware. The vulnerability, categorized under CWE-78 (Improper Neutralization of Special Elements used in an OS Command), allows an authenticated attacker to execute arbitrary operating system commands on the affected device. This is possible because the vulnerable function does not sufficiently neutralize special characters in user-supplied input. The affected firmware versions are those through 5.50(ABVY.7)C0.

Description: A post-authentication command injection vulnerability in the log file download function of the Zyxel EX3301-T0 firmware versions through 5.50(ABVY.7)C0 could allow an authenticated attacker to execute operating system (OS) commands on an affected device.
Source: security@zyxel.com.tw
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

security@zyxel.com.tw
CWE-78

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 5